Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Configuring CTE for AIX with CipherTrust Manager

Silent Installation on AIX

search

Please Note:

printsuggest an editpdf paneldownload

Silent Installation on AIX

This section describes how to perform a silent (unattended) installation of the CTE on a single host. The silent installation automates the installation process by storing the answers to installation and registration questions in a separate file that you create. You can also use the silent installation to install CTE on multiple hosts simultaneously.

The silent install method installs CTE on the host, and registers the host with the CipherTrust Manager you specify in the silent installation file.

copy link to clipboardPrerequisites

The following prerequisites must be met for CTE/CTE-U to install and register to CipherTrust Manager properly:

copy link to clipboardProcedure

  1. Log on as an administrator to the host where you will install CTE.

  2. Create a parameter file and store it on your system, or copy an existing file from another location. The file can contain any of the following parameters:

Parameter Description
AGENT_HOST_NAME FQDN of the host on which the CTE Agent is being installed. If this value is not specified, the installer uses the host's IP address.
AGENT_HOST_PORT Specifies the port number for this CTE Agent to use.
AGENT_USEIP Use the IP address of the protected host instead of host name. Used when hostname is not supplied.
CA_CERT Set to provide CA certificate data to CipherTrust Manager.
CA_FILE Set to provide a CA certificate file to CipherTrust Manager.
CERT_FIELD_PARAM Installer option. Default behavior is to use hard-coded values for Root Certificate fields. Uses the same string format as is used in the voradmin command voradmin cos ca_cert create <Certificate Parameters>
ENABLE_CLOUD Set to enable cloud in the Key Manager.
ENABLE_HOST_CHECKS When using CipherTrust Data Security Platform Services (CDSPaaS), set this value to 1 to enable SSL certificate host name checks. Set to 0 to disable. Default: 0. This also forces CTE to enable the verify peer feature during registration. Use only when the CDSPaaS web server certificates contain the target DNS name or IP address.
ENABLE_LDT Set this value to 1 to automatically enable and register CTE-LDT (Live Data Transformation) for this host on your key manager during the silent install.
HOST_DESC Specifies a description for the host. This description is displayed in the CipherTrust Manager. If an entry for this host already exists, and the host already has a description, CipherTrust Manager
HOST_GROUP Specifies the optional host/client group with which this host/client will be associated.
HOST_PROFILE Specifies the client profile in the CipherTrust Manager that will be associated with this client. If this value is omitted, the CipherTrust Manager uses the default client profile.
LDTGROUP_NAME Set the LDT Communication Group for LDT over NFS/CIFS.
REG_TOKEN The registration token for the CipherTrust Manager with which you plan to register this client. Required for registration.
ENABLE_RWP Enable Ransomware Protection.
SERVER_HOSTNAME Required if you want to register CTE with a CipherTrust Manager.
SERVER_IP Alternative for hostname when registering.
TMPDIR Specifies a custom temporary directory that the installer can use during the installation process. If this value is omitted, the installer uses the default temporary directory.
USEHWSIG Set this value to 1 when you want to associate this installation with the machine hardware for cloning prevention.

Example 1: Registering with CipherTrust Manager

The following example contains just the required information for registration with CipherTrust Manager. In this case, the client will be registered with the CipherTrust Manager using its IP address instead of its host name:

SERVER_HOSTNAME=Key-Mgmt-Server.example.com
REG_TOKEN=12345
AGENT_HOST_NAME=10.192.80.86

Example 2: Registering with CipherTrust Manager

The following example specifies the required registration information, adds a host name and description, and enables hardware association. In this case, the client will be registered with the CipherTrust Manager using its host name instead of the IP address:

SERVER_HOSTNAME=Key-Mgmt-Server.example.com
REG_TOKEN=12345
AGENT_HOST_NAME=myagent.example.com
HOST_DESC="West Coast Server 12"
USEHWSIG=1
CERT_FIELD_PARAM="/C=US/ST=California/L=San Jose/O=Thales eSecurity/OU=Vormetrics/CN=localhost/emailAddress=admin@thalegroup.com"
SUBJECT_ALT_NAME_PARAM="DNS:www.thalesgroup.com,email:admin@thalesgroup.com"

  1. Copy or mount the CTE installation file to the host system. The installation file is in the format vee-fs-<release>-<build>-<system>.bin.

  2. Run the installer using the following syntax:

    ./vee-fs-<release>-<build>-<system>.bin [-d <custom-dir>] -s <install-file>

    where:

    • -d <custom-dir> is an optional parameter that specifies the installation directory for CTE. If you omit this parameter, CTE is installed in /opt/vormetric/DataSecurityExpert/agent/.

    • -s <install-file> indicates that you want to install silently using the installation options file <install-file>

    For example, if the installation options file is called /tmp/unattended.txt, you would enter:

    ./vee-fs-7.7.0-87-aix71.bin -s /tmp/unattended.txt

  3. Verify the installation by checking CTE processes on the host:

    • Run vmd -v to check the version of CTE matches that just installed.

    • Run vmsec status to display CTE kernel status.

    • Look at the log files in /var/log/vormetric, especially install.fs.log.<date> and vorvmd_root.log.

  4. In CipherTrust Manager, change the client password using the manual password creation method. This password allows users to access encrypted data if the client is ever disconnected from the CipherTrust Manager. For details on changing the password, see the CipherTrust Manager documentation.

On this page